• Home
  • cyber
  • Syngenta Group and ChemChina: ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
cyber Ransomware

Syngenta Group and ChemChina: ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform

Jun 2, 2026 2 min read
Syngenta Group and ChemChina: ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform

ShadowByt3$ Ransomware Claims Breach of Syngenta’s Cropwise Precision Agriculture Platform

The ransomware group ShadowByt3$ has listed Cropwise, the digital precision agriculture platform operated by Syngenta Group (a subsidiary of ChemChina), as a victim, alleging unauthorized access to production systems and user accounts. The breach targets a platform that aggregates years of farm-level agronomic intelligence, including proprietary data with significant commercial and strategic value.

Scope of the Breach

ShadowByt3$ claims to have exfiltrated data from two key subdomains:

  • operations.cropwise.com – Core agronomic and operational data.
  • accounts.cropwise.com – User authentication and access credentials.

Stolen Data Categories

  1. Agronomic Intelligence

    • GIS field boundary files (precise farm field locations).
    • NDVI satellite imagery (crop health and growth tracking).
    • Problem zone flags, growth records, and proprietary yield prediction models (irreplaceable, multi-season data).

  2. User Credentials & API Keys

    • Full names, corporate emails, phone numbers, password hashes, and session tokens.
    • API keys, enabling potential unauthorized access to connected farming equipment, sensors, and third-party systems without triggering alerts.

  3. Operational & Supply Chain Records

    • Pesticide/fertilizer application logs (revealing product usage).
    • Crop types, seeding timelines, and harvesting schedules (exposing production patterns).

Strategic & Commercial Impact

The stolen data holds unique value beyond typical enterprise breaches:

  • Competitive intelligence for rival agrochemical firms.
  • Supply chain analysis for commodity traders.
  • State-sponsored interest in food security and agricultural production trends.
  • Irrecoverable loss of proprietary yield models, which cannot be restored via patches or password resets.

ShadowByt3$’s Targeting Pattern

The group has a history of breaching SaaS platforms with large institutional user bases, amplifying downstream risks. Since Cropwise serves farmers and enterprises across multiple countries, compromised API keys and credentials could extend the breach’s impact to connected third-party systems.

Syngenta’s investigation will determine whether the intrusion was prolonged or if the group exaggerated the breach’s scope. The incident underscores the high-stakes nature of precision agriculture data, where intellectual property, operational records, and access credentials converge in a single, high-value target.

Source: https://dailysecurityreview.com/cyber-security/shadowbyt3-ransomware-hits-syngentas-cropwise-platform/

Syngenta Group TPRM report: https://www.rankiteo.com/company/syngentagroup

ChemChina TPRM report: https://www.rankiteo.com/company/chemchina

"id": "chesyn1780417682",
"linkid": "chemchina, syngentagroup",
"type": "Ransomware",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Farmers and enterprises across '
                                              'multiple countries',
                        'industry': 'Agriculture/Agrochemical',
                        'name': 'Syngenta Group (Cropwise)',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['GIS files',
                                        'Satellite imagery',
                                        'Logs',
                                        'Credentials'],
                 'personally_identifiable_information': 'Full names, corporate '
                                                        'emails, phone numbers',
                 'sensitivity_of_data': 'High (proprietary, commercially '
                                        'valuable, and strategically '
                                        'significant)',
                 'type_of_data_compromised': ['Agronomic intelligence (GIS '
                                              'field boundary files, NDVI '
                                              'satellite imagery, problem zone '
                                              'flags, growth records, yield '
                                              'prediction models)',
                                              'User credentials (full names, '
                                              'corporate emails, phone '
                                              'numbers, password hashes, '
                                              'session tokens)',
                                              'API keys',
                                              'Operational and supply chain '
                                              'records (pesticide/fertilizer '
                                              'application logs, crop types, '
                                              'seeding timelines, harvesting '
                                              'schedules)']},
 'description': 'The ransomware group ShadowByt3$ has listed Cropwise, the '
                'digital precision agriculture platform operated by Syngenta '
                'Group (a subsidiary of ChemChina), as a victim, alleging '
                'unauthorized access to production systems and user accounts. '
                'The breach targets a platform that aggregates years of '
                'farm-level agronomic intelligence, including proprietary data '
                'with significant commercial and strategic value.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': 'Agronomic intelligence, user credentials, API '
                                'keys, operational and supply chain records',
            'identity_theft_risk': 'High (user credentials and PII exposed)',
            'operational_impact': 'Potential unauthorized access to connected '
                                  'farming equipment, sensors, and third-party '
                                  'systems',
            'systems_affected': ['operations.cropwise.com',
                                 'accounts.cropwise.com']},
 'investigation_status': 'Ongoing (Syngenta’s investigation to determine scope '
                         'and validity)',
 'motivation': ['Competitive intelligence',
                'Financial gain',
                'State-sponsored interest'],
 'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'ShadowByt3$'},
 'references': [{'source': 'Cyber Incident Description'}],
 'threat_actor': 'ShadowByt3$',
 'title': 'ShadowByt3$ Ransomware Claims Breach of Syngenta’s Cropwise '
          'Precision Agriculture Platform',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.